21:33:12 - I've now been hit 4790 times now from 149 different servers.


I'm now running this rough little script which gives the above output. 
It loops about every 10 minutes.

<script>
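while : ; do
  # Collect this pass's probe requests (they all contain 'c+dir')
  grep 'c+dir' /var/log/httpd/access_log >tempfile
  # HH:MM:SS directly; cutting field 4 of plain `date` breaks on single-digit days
  TIME=`date +%T`
  ATTACKS=`wc -l <tempfile | tr -d ' '`
  # Field 2 is the client address; sort before uniq so duplicates are adjacent
  SERVERS=`cut -f 2 -d " " tempfile | sort | uniq | wc -l | tr -d ' '`
  rm -f tempfile
  echo "$TIME - I've now been hit $ATTACKS times now from $SERVERS different servers."
  sleep 600
done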
</script>

At 02:40 PM 09/19/2001 +1000, Gordon Rowell wrote:

>On Tue, Sep 18, 2001 at 09:37:18PM -0400, Dan Brown <[EMAIL PROTECTED]> wrote:
>> Mike Sensney wrote:
>> 
>> > BTW, you can produce a sorted IP list of infected servers using:
>> >   cat /var/log/httpd/access_log |grep 'c+dir' | cut -f 2 -d " " | sort
>> > 
>> > How do you eliminate the duplicate entries?
>> 
>>       If you pipe that through uniq, it should do the trick.
>
>Don't forget that you usually need to sort before running through uniq
>to ensure that the duplicates are together:
>
>man uniq:
>
>[...]
>  DESCRIPTION
>       Discard  all  but  one  of successive identical lines from
>       INPUT (or standard input), writing to OUTPUT (or  standard
>       output).
>[...]
>
>Gordon
>--
>  Gordon Rowell                        [EMAIL PROTECTED]
>  VP Engineering
>  Network Server Solutions Group       http://www.e-smith.com
>  Mitel Networks Corporation           http://www.mitel.com
>


--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
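
An added example, not part of the original thread: the same hit and source counts taken in one pass without a temp file, a per-source breakdown, and the overcount you get from `uniq` without `sort`. The function names and the sample log lines are constructed for illustration, and the client address is assumed to be the second space-separated field, as in the thread's `cut -f 2` commands.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the client address is the second
# space-separated field, as in the thread's "cut -f 2" commands.

# Constructed sample lines: 5 probe hits from 3 sources, interleaved.
sample_log() {
  cat <<'EOF'
www.example.com 192.0.2.10 - - [18/Sep/2001:21:30:01 -0400] "GET /a?/c+dir HTTP/1.0" 404 -
www.example.com 192.0.2.20 - - [18/Sep/2001:21:30:05 -0400] "GET /a?/c+dir HTTP/1.0" 404 -
www.example.com 192.0.2.10 - - [18/Sep/2001:21:30:09 -0400] "GET /a?/c+dir HTTP/1.0" 404 -
www.example.com 198.51.100.7 - - [18/Sep/2001:21:31:00 -0400] "GET /index.html HTTP/1.0" 200 512
www.example.com 192.0.2.30 - - [18/Sep/2001:21:32:11 -0400] "GET /a?/c+dir HTTP/1.0" 404 -
www.example.com 192.0.2.10 - - [18/Sep/2001:21:33:12 -0400] "GET /a?/c+dir HTTP/1.0" 404 -
EOF
}

# uniq without sort: only adjacent duplicates collapse, so sources are overcounted.
naive_sources() {
  grep 'c+dir' "$1" | cut -f 2 -d " " | uniq | wc -l | tr -d ' '
}

# One pass, no temp file: prints "<total hits> <distinct sources>".
hit_summary() {
  awk 'index($0, "c+dir") { total++; if (!seen[$2]++) srcs++ }
       END { print total + 0, srcs + 0 }' "$1"
}

# Per-source hit counts, busiest first: "<hits> <address>".
hits_by_source() {
  awk 'index($0, "c+dir") { n[$2]++ } END { for (ip in n) print n[ip], ip }' "$1" |
    sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
demo_log=$(mktemp)
sample_log > "$demo_log"
echo "uniq without sort: $(naive_sources "$demo_log") sources"
echo "hits and distinct sources: $(hit_summary "$demo_log")"
hits_by_source "$demo_log"
rm -f "$demo_log"
```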